%global soversion 1.0.0 # Number of threads to spawn when testing some threading fixes. %global thread_test_threads %{?threads:%{threads}}%{!?threads:1} # Arches on which we need to prevent arch conflicts on opensslconf.h, must # also be handled in opensslconf-new.h. %global multilib_arches %{ix86} ia64 %{mips} ppc %{power64} s390 s390x sparcv9 sparc64 x86_64 %global _performance_build 1 %define libname %mklibname compat-openssl 10 %{soversion} %define develname %mklibname compat-openssl10 -d %define staticname %mklibname compat-openssl10 -s -d %define with_krb5 0 Summary: Compatibility version of the OpenSSL library Name: compat-openssl10 Version: 1.0.2u Release: %mkrel 1 Epoch: 1 Source: http://www.openssl.org/source/openssl-%{version}.tar.gz Source2: Makefile.certificate Source6: make-dummy-cert Source7: renew-dummy-cert Source8: openssl-thread-test.c Source9: opensslconf-new.h Source10: opensslconf-new-warning.h # Build changes Patch1: openssl-1.0.2e-optflags.patch Patch2: openssl-1.0.2a-defaults.patch Patch4: openssl-1.0.2i-enginesdir.patch Patch5: openssl-1.0.2a-no-rpath.patch Patch7: openssl-1.0.0-timezone.patch Patch8: openssl-1.0.1c-perlfind.patch Patch9: openssl-1.0.1c-aliasing.patch # Bug fixes Patch23: openssl-1.0.2c-default-paths.patch Patch24: openssl-1.0.2a-issuer-hash.patch # Functionality changes Patch33: openssl-1.0.0-beta4-ca-dir.patch Patch34: openssl-1.0.2a-x509.patch Patch35: openssl-1.0.2a-version-add-engines.patch Patch45: openssl-1.0.2a-env-zlib.patch Patch47: openssl-1.0.2a-readme-warning.patch Patch49: openssl-1.0.1i-algo-doc.patch Patch50: openssl-1.0.2a-dtls1-abi.patch Patch51: openssl-1.0.2a-version.patch Patch60: openssl-1.0.2a-apps-dgst.patch Patch63: openssl-1.0.2a-xmpp-starttls.patch Patch65: openssl-1.0.2i-chil-fixes.patch Patch66: openssl-1.0.2h-pkgconfig.patch Patch71: openssl-1.0.2m-manfix.patch Patch74: openssl-1.0.2a-no-md5-verify.patch Patch90: openssl-1.0.2i-enc-fail.patch Patch92: openssl-1.0.2a-system-cipherlist.patch Patch93: openssl-1.0.2g-disable-sslv2v3.patch Patch96: openssl-1.0.2e-speed-doc.patch Patch97: openssl-1.0.2j-nokrb5-abi.patch # Backported fixes including security fixes Patch81: openssl-1.0.2a-padlock64.patch License: OpenSSL Group: System/Libraries URL: http://www.openssl.org/ Requires: %{libname} = %{epoch}:%{version}-%{release} Requires: rootcerts %if %{with_krb5} BuildRequires: pkgconfig(krb5) %endif BuildRequires: multiarch-utils >= 1.0.3 BuildRequires: pkgconfig(zlib) # (tv) for test suite: BuildRequires: bc %description The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1. %package -n %{libname} Summary: Secure Sockets Layer communications libs Group: System/Libraries Requires: crypto-policies Conflicts: %{mklibname openssl 1.0.0} Obsoletes: %{mklibname openssl 1.0.0} %description -n %{libname} The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1. %package -n %{develname} Summary: Files for development of applications which have to use OpenSSL-1.0.2 Group: Development/Other Requires: %{name} = %{epoch}:%{version}-%{release} Requires: zlib-devel Requires: pkgconfig # The devel subpackage intentionally conflicts with main openssl-devel # as simultaneous use of both openssl package cannot be encouraged. # Making the packages non-conflicting would also require further # changes in the dependent packages. Conflicts: openssl-devel Provides: %{name}-devel = %{epoch}:%{version}-%{release} %description -n %{develname} The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1. This package contains include files needed to develop applications which support various cryptographic algorithms and protocols. %prep %setup -q -n openssl-%{version} %patch1 -p1 -b .optflags %patch2 -p1 -b .defaults %patch4 -p1 -b .enginesdir %{?_rawbuild} %patch5 -p1 -b .no-rpath %patch7 -p1 -b .timezone %patch8 -p1 -b .perlfind %{?_rawbuild} %patch9 -p1 -b .aliasing %patch23 -p1 -b .default-paths %patch24 -p1 -b .issuer-hash %patch33 -p1 -b .ca-dir %patch34 -p1 -b .x509 %patch35 -p1 -b .version-add-engines %patch45 -p1 -b .env-zlib %patch47 -p1 -b .warning %patch49 -p1 -b .algo-doc %patch50 -p1 -b .dtls1-abi %patch51 -p1 -b .version %patch60 -p1 -b .dgst %patch63 -p1 -b .starttls %patch65 -p1 -b .chil %patch66 -p1 -b .pkgconfig %patch71 -p1 -b .manfix %patch74 -p1 -b .no-md5-verify %patch90 -p1 -b .enc-fail %patch92 -p1 -b .system %patch93 -p1 -b .v2v3 %patch96 -p1 -b .speed-doc %patch97 -p1 -b .nokrb5-abi %patch81 -p1 -b .padlock64 # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` # Generate a table with the compile settings for my perusal. touch Makefile make TABLE PERL=%{__perl} %build # Figure out which flags we want to use. # default sslarch=%{_os}-%{_target_cpu} %ifarch %ix86 sslarch=linux-elf if ! echo %{_target} | grep -q i686 ; then sslflags="no-asm 386" fi %endif %ifarch x86_64 sslflags=enable-ec_nistp_64_gcc_128 %endif %ifarch sparcv9 sslarch=linux-sparcv9 sslflags=no-asm %endif %ifarch sparc64 sslarch=linux64-sparcv9 sslflags=no-asm %endif %ifarch alpha alphaev56 alphaev6 alphaev67 sslarch=linux-alpha-gcc %endif %ifarch s390 sh3eb sh4eb sslarch="linux-generic32 -DB_ENDIAN" %endif %ifarch s390x sslarch="linux64-s390x" %endif %ifarch %{arm} sslarch=linux-armv4 %endif %ifarch aarch64 sslarch=linux-aarch64 sslflags=enable-ec_nistp_64_gcc_128 %endif %ifarch sh3 sh4 sslarch=linux-generic32 %endif %ifarch ppc64 ppc64p7 sslarch=linux-ppc64 %endif %ifarch ppc64le sslarch="linux-ppc64le" sslflags=enable-ec_nistp_64_gcc_128 %endif %ifarch mips mipsel sslarch="linux-mips32 -mips32r2" %endif %ifarch mips64 mips64el sslarch="linux64-mips64 -mips64r2" %endif %ifarch mips64el sslflags=enable-ec_nistp_64_gcc_128 %endif # ia64, x86_64, ppc are OK by default # Configure the build tree. Override OpenSSL defaults with known-good defaults # usable on all platforms. The Configure script already knows to use -fPIC and # RPM_OPT_FLAGS, so we can skip specifiying them here. ./Configure \ --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \ zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \ enable-cms enable-md2 enable-rc5 \ no-mdc2 no-ec2m no-gost no-srp no-krb5 \ --enginesdir=%{_libdir}/openssl/engines \ shared ${sslarch} # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be # marked as not requiring an executable stack. # Also add -DPURIFY to make using valgrind with openssl easier as we do not # want to depend on the uninitialized memory as a source of entropy anyway. RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY" make depend make all # Generate hashes for the included certs. make rehash # Clean up the .pc files for i in libcrypto.pc libssl.pc openssl.pc ; do sed -i '/^Libs.private:/{s/-L[^ ]* //;s/-Wl[^ ]* //}' $i done %check # Verify that what was compiled actually works. # We must revert patch33 before tests otherwise they will fail patch -p1 -R < %{PATCH33} LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} export LD_LIBRARY_PATH OPENSSL_ENABLE_MD5_VERIFY= export OPENSSL_ENABLE_MD5_VERIFY make -C test apps tests %{__cc} -o openssl-thread-test \ -I./include \ $RPM_OPT_FLAGS \ %{SOURCE8} \ -L. \ -lssl -lcrypto \ -lpthread -lz -ldl ./openssl-thread-test --threads %{thread_test_threads} %define __provides_exclude_from %{_libdir}/openssl %install # Install OpenSSL. install -d %{buildroot}{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl} make INSTALL_PREFIX=%{buildroot} LIBDIR=%{_lib} install make INSTALL_PREFIX=%{buildroot} install_docs mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl mv %{buildroot}%{_sysconfdir}/pki/tls/man/* %{buildroot}%{_mandir}/ rmdir %{buildroot}%{_sysconfdir}/pki/tls/man # Delete static library rm -f %{buildroot}%{_libdir}/*.a || : # Rename man pages so that they don't conflict with other system man pages. pushd %{buildroot}%{_mandir} for manpage in man*/* ; do if [ -L ${manpage} ]; then TARGET=`ls -l ${manpage} | awk '{ print $NF }'` ln -snf ${TARGET}ssl ${manpage}ssl rm -f ${manpage} else mv ${manpage} ${manpage}ssl fi done popd # Delete non-devel man pages in the compat package rm -rf %{buildroot}%{_mandir}/man[157]* # Delete configuration files rm -rf %{buildroot}%{_sysconfdir}/pki # Remove binaries rm -rf %{buildroot}/%{_bindir} # Remove engines rm -rf %{buildroot}/%{_libdir}/openssl %files %license LICENSE %doc FAQ NEWS README %files -n %{libname} %doc FAQ LICENSE NEWS README* %{_libdir}/libcrypto.so.%{soversion} %{_libdir}/libssl.so.%{soversion} %files -n %{develname} %doc doc/c-indentation.el doc/openssl.txt CHANGES %{_prefix}/include/openssl %{_libdir}/*.so %{_mandir}/man3*/* %attr(0644,root,root) %{_libdir}/pkgconfig/*.pc %changelog * Sat Dec 28 2019 ns80 <ns80> 1:1.0.2u-1.mga7 + Revision: 1474564 - new version 1.0.2u (mga#25977) - new version 1.0.2t for CVE-2019-1547 and CVE-2019-1563 (mga#24888) * Wed Feb 27 2019 luigiwalser <luigiwalser> 1:1.0.2r-1.mga7 + Revision: 1370312 - 1.0.2r (fixes CVE-2019-1559) * Thu Nov 22 2018 ns80 <ns80> 1:1.0.2q-1.mga7 + Revision: 1333296 - new version 1.0.2q for CVE-2018-0734 and CVE-2018-5407 (mga#23870) * Sun Sep 23 2018 umeabot <umeabot> 1:1.0.2o-3.mga7 + Revision: 1296720 - Mageia 7 Mass Rebuild * Fri Jun 08 2018 pterjan <pterjan> 1:1.0.2o-2.mga7 + Revision: 1235343 - Force correct libdir, it uses wrong one on aarch64 * Sat Mar 31 2018 luigiwalser <luigiwalser> 1:1.0.2o-1.mga7 + Revision: 1213923 - 1.0.2o * Wed Dec 13 2017 luigiwalser <luigiwalser> 1:1.0.2n-1.mga7 + Revision: 1182495 - 1.0.2n * Sat Nov 11 2017 luigiwalser <luigiwalser> 1:1.0.2m-3.mga7 + Revision: 1176944 - replace old library * Fri Nov 10 2017 luigiwalser <luigiwalser> 1:1.0.2m-2.mga7 + Revision: 1176807 - add back patch to fix compilation flags (fixes empty debug source package) - remove explicit attrs on symlinks - unmangle soname (incompatibility from fedora) - disable krb5 build by default (as we had it before) - remove BR chrpath (not used) * Sun Nov 05 2017 luigiwalser <luigiwalser> 1:1.0.2m-1.mga7 + Revision: 1176037 - 1.0.2m - switch back to real tarball - remove extra fedora stuff that prevents updating and building package * Tue Aug 22 2017 neoclust <neoclust> 1:1.0.2j-9.mga7 + Revision: 1143307 - imported package compat-openssl10